7236 today
    Unauthorized gem takeover for some gems

    Unauthorized gem takeover for some gems

    12-May-2022 887
    Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so.To be vulnerable, a gem needed:one or more dashes in its namean attacker-controlled gem with the name before the dashcreation within 30 days OR no updates for over 100 daysFor example, the gem something-provider could have been taken over by the owner of the gem something. Organizations with many gems were not vulnerable as long as they owned the gem with the name before the dash, for example owning the gem orgname protected all gems with names like orgname-provider.
    Read more /
    Use coupon code:

    RUBYONRAILS

    to get 30% discount on our bundle!
    Prepare for your next tech interview with our comprehensive collection of programming interview guides. Covering JavaScript, Ruby on Rails, React, and Python, these highly-rated books offer thousands of essential questions and answers to boost your interview success. Buy our 'Ultimate Job Interview Preparation eBook Bundle' featuring 2200+ questions across multiple languages. Ultimate Job Interview Preparation eBook Bundle

    Bestseller

    Ruby Interview Questions

    Tags

    #Unauthorized #takeover #gem

    Related Links

    New Ruby released! 2.6.5, 2.5.7, 2.4.8.
    Turn off the bits of Rails you don't use - Andy Croll
    Tanakai is a modern web scraping framework written in Ruby. A fork of Kimurai.
    Announcing Eventide 1.0: Evented, Autonomous Microservices for Everyone!
    Capybara test scenario recorder for Rails

    Useful Links

    Quick Links

    Get in Touch

    Ruby On Rails Bosnia

    [email protected]

    Ruby On Rails Bosnia © 2016

    Template By HTML Codex